Thank you, Mr. Chairman, and I want to echo your comments
regarding the need for all Federal agencies to start
devoting the attention and resources necessary to secure
their computer systems from attacks or misuse. The government
must do more to protect the sensitive personal, financial,
proprietary and national security-related data on its
systems.

I also want to stress how valuable the work of this Subcommittee
has been in moving the ball forward on these issues.
There should be little doubt in anyone's mind that,
absent the aggressive oversight of this Subcommittee,
agencies such as EPA, DOE, HCFA (now known as CMS) and
others would not have taken many of the actions that
they recently have taken to improve the security of
their sensitive data and systems. While none of them
are yet perfected, and none will likely ever be perfected
due to rapidly changing technology, keeping the pressure
and the focus on these issues is critically important
to our nation and to its citizens.

As for the Commerce Department - which is the focus of
our hearing today - the GAO and Inspector General audit
findings are alarming. Ethical hackers from GAO and
the Inspector General's office were able to have their
way with the Department's various computer systems --
violating the integrity of the Department's computer
networks virtually at will.

While these findings are quite troubling, they don't surprise
me at all, based on the Committee's work at other agencies.
When an Administration, such as the Clinton Administration,
devotes so little attention and resources to a particular
matter, we shouldn't be surprised to find that such
problems are so pervasive. It is clear to me that, despite
what the former President might have said about
the importance of computer security, his Administration
failed to take actions to make the protection
of our nation's critical cyber assets a true priority.

That is why I am so pleased to see that the new Secretary
of Commerce is taking a different approach. He's instituted
a new management structure - with increased authority,
responsibility, and accountability for the Department's
information officers. He's allocated more resources
to these security functions at the Department level.
And, probably most importantly, the Secretary has made
clear to his Under Secretaries that they will
make computer security a priority as an integral part
of their programmatic missions, and will allocate additional
resources as necessary to get the job done.

In this vein, we are pleased to have the newly-confirmed
Deputy Secretary of the Department here today to testify,
signaling the importance of this topic to the Secretary
and the level at which these issues are now being handled
within the Department.

Let me finish just by emphasizing that good computer security
is not a simple fix. While it takes consistent and sustained
leadership, particularly in the beginning, effective
long-term information security programs require the
implementation of sound processes and policies that
can carry on absent, or in spite of, particular personalities.
I hope the Commerce Department, and all Federal agencies,
keep this principle in mind as they take these long-overdue
steps to improve the security of the sensitive data
which the American people have entrusted them to protect.

I thank the Chairman, and yield back the balance of my
time.